pki: ipsec: T3642: Migrate IPSec to use PKI configuration

2 files changed, 4 insertions, 4 deletions

diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index ea6d85743..9e629b176 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -55,9 +55,9 @@ secrets {
     }
 {%            elif peer_conf.authentication.mode == 'x509' %}
     private_{{ peer_conn_name }} {
-        file = {{ peer_conf.authentication.x509.key.file }}
-{%                if "password" in peer_conf.authentication.x509.key and peer_conf.authentication.x509.key.password %}
-        secret = "{{ peer_conf.authentication.x509.key.password}}"
+        file = {{ peer_conf.authentication.x509.certificate }}.pem
+{%                if peer_conf.authentication.x509.passphrase is defined %}
+        secret = "{{ peer_conf.authentication.x509.passphrase }}"
 {%                endif %}
     }
 {%            elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 0d01cd546..36cb1abfb 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -35,7 +35,7 @@
             auth = {{ auth_type }}
 {%    endif %}
 {%    if peer_conf.authentication.mode == 'x509' %}
-            certs = {{ peer_conf.authentication.x509.cert_file }}
+            certs = {{ peer_conf.authentication.x509.certificate }}.pem
 {%    elif peer_conf.authentication.mode == 'rsa' %}
             pubkeys = localhost.pub
 {%    endif %}